A new law, part of a bill meant to keep the government funded until fall 2013, gives the FBI and other heads of government agencies the power to stop the sale of imported Chinese equipment to the government believed to be a security risk. Various tech industry group as well as the White House believe language in the bill is to vague and may cause disruption without actually preventing any potential threats. The bill would technically allow the halt of technology who's parts had ever been in China. Due to ever more complicated and global supply chains not always in the control of the ultimate buyers however, this could prove prohibitive and leave the government "behind the security curve" because it would not be able to buy the latest technology. The bill also does not take into account that Chinese companies are capable of producing equipment in other countries with no legal connection China itself by restricting sales based on geography. Finally there are concerns that if we disallow the sale of Chinese equipment in the U.S. then China will disallow the sale of U.S. equipment in China leading to an embargo war.
Analysis:
While banning potential threats from Chinese hardware is an interesting choice by the congress it fails to take into account practicality. If the Chinese government wants to hack into our computer systems (as they likely already have) there are much simpler ways of doing so than engineering spyware at the hardware level. To do so would be an immediate red flag that a specific Chinese manufacturer is the source and lead to a more targeted version of this bill towards that company. As it stands the U.S. already believes China is hacking our country because of the many Chinese IP's associated with attacks but cannot directly prove it due to the fact that foreigners to China can still use their IP's for malicious intent. In addition this bill may leave the U.S. government more vulnerable to attack by not having the most up to date security. IT supply chains are world wide and if any one component of a device is from China an agency head can stop its purchase. If the latest security technology has a chip or board from China the U.S. government may be more vulnerable against Chinese cyber attacks without Chinese hardware rather than with Chinese Hardware. If the U.S. government wants to protect itself from Cyber attacks originating from China it should first and foremost develop a better relationship with the country. There is still the possibility that civilian or fringe elements of the Chinese government are the true cyber attackers while the main government is spying neutrally as any country would do and having an internal ally (the Chinese Government) with the motivation to prevent said attacks would be helpful. Even if the Chinese government as a whole is the main attacker however does not mean we should cut all ties with their resources. As the old adage goes, "keep your friends close and your enemies closer". If we continue to buy Chinese technology under the second scenario then not only can we analyze it for potential problems but also control what China sees and when or if it is capable of any damage.
A new law, part of a bill meant to keep the government funded until fall 2013, gives the FBI and other heads of government agencies the power to stop the sale of imported Chinese equipment to the government believed to be a security risk. Various tech industry group as well as the White House believe language in the bill is to vague and may cause disruption without actually preventing any potential threats. The bill would technically allow the halt of technology who's parts had ever been in China. Due to ever more complicated and global supply chains not always in the control of the ultimate buyers however, this could prove prohibitive and leave the government "behind the security curve" because it would not be able to buy the latest technology. The bill also does not take into account that Chinese companies are capable of producing equipment in other countries with no legal connection China itself by restricting sales based on geography. Finally there are concerns that if we disallow the sale of Chinese equipment in the U.S. then China will disallow the sale of U.S. equipment in China leading to an embargo war.
Analysis:
While banning potential threats from Chinese hardware is an interesting choice by the congress it fails to take into account practicality. If the Chinese government wants to hack into our computer systems (as they likely already have) there are much simpler ways of doing so than engineering spyware at the hardware level. To do so would be an immediate red flag that a specific Chinese manufacturer is the source and lead to a more targeted version of this bill towards that company. As it stands the U.S. already believes China is hacking our country because of the many Chinese IP's associated with attacks but cannot directly prove it due to the fact that foreigners to China can still use their IP's for malicious intent. In addition this bill may leave the U.S. government more vulnerable to attack by not having the most up to date security. IT supply chains are world wide and if any one component of a device is from China an agency head can stop its purchase. If the latest security technology has a chip or board from China the U.S. government may be more vulnerable against Chinese cyber attacks without Chinese hardware rather than with Chinese Hardware. If the U.S. government wants to protect itself from Cyber attacks originating from China it should first and foremost develop a better relationship with the country. There is still the possibility that civilian or fringe elements of the Chinese government are the true cyber attackers while the main government is spying neutrally as any country would do and having an internal ally (the Chinese Government) with the motivation to prevent said attacks would be helpful. Even if the Chinese government as a whole is the main attacker however does not mean we should cut all ties with their resources. As the old adage goes, "keep your friends close and your enemies closer". If we continue to buy Chinese technology under the second scenario then not only can we analyze it for potential problems but also control what China sees and when or if it is capable of any damage.